HP Security Research – Know your Adversary

Jacob West, CTO for HP Security Research provides an overview of HP’s efforts to study IT security criminals and determine the motivation, capabilities and methods for HP Customers.

HP’s Field Intelligence group studies and actively engages with potential adversaries,using many of the same technique as government intelligence operatives. Hacktivist, malicious state entities and groups around the world are monitored, and in some cases infiltrated by HP security specialists.

Adversaries often do extensive research on target companies, sold as profiles on the black market . Conversely, some types of attacks involving customers, plans or other data assets are freely available from public sources. When a penetration occurs, on average it is over 270 days before it is discovered – so there is a long period of time for information to be gathered.

Threats are primarily very targeted, with attackers selecting a particular business unit, technology or group with high resale value on the black market.

HP’s recently announced HP Threat Central is a crowdsourced resource for security professionals

This episode is also available on the SDRNews Roku channel, in the Roku Channel Store (Science and Technology Category), or by channel code SDR12.

Jacob West

Jacob West is chief technology officer for Enterprise Security Products (ESP) at HP.

In this role, he influences the security roadmap for the ESP portfolio and leads HP Security Research (HPSR), which drives innovation with research publications, threat briefings and actionable security intelligence delivered through HP security products.

Prior to this role, West served as chief technology officer for Fortify products and leader of Fortify Software Security Research within HP ESP.

West has spent more than a decade developing, delivering and monetizing innovative security solutions, beginning with static analysis research at the University of California, Berkeley, and as an early security researcher at Fortify prior to its acquisition.

A world-recognized expert on software security, West co-authored the book “Secure Programming with Static Analysis” with colleague and Fortify founder, Brian Chess, in 2007. Today, the book remains the only comprehensive guide to how developers can use static analysis to avoid the most prevalent and dangerous vulnerabilities in code.

West is a frequent speaker at industry events, including RSA Conference, Black Hat, Defcon and OWASP. He graduated from the University of California, Berkeley, with dual degrees in computer science and French.